authormguetlein <martin.guetlein@gmail.com>2011-08-22 11:23:49 +0200
committermguetlein <martin.guetlein@gmail.com>2011-08-22 11:23:49 +0200
commit89b583fbc8e2493bcfd912bed72b8a80d4d2474d (patch)
tree1afc80a01077383344fabc2441837ab98e732309
parent8d10ccb9b672d07c01d6f4209395dd16fc7f020b (diff)
unify cookies
-rw-r--r--lib/environment.rb5
-rw-r--r--lib/helper.rb31
-rw-r--r--lib/to-html.rb5
3 files changed, 37 insertions, 4 deletions
diff --git a/lib/environment.rb b/lib/environment.rb
index 6d1bb85..ccd5c9e 100644
--- a/lib/environment.rb
+++ b/lib/environment.rb
@@ -74,6 +74,11 @@ CONFIG[:authorization][:authenticate_request] = [""] unless CONFIG[:authorizatio
CONFIG[:authorization][:authorize_request] = [""] unless CONFIG[:authorization][:authorize_request]
CONFIG[:authorization][:free_request] = [""] unless CONFIG[:authorization][:free_request]
+cookie_secret = CONFIG[:authorization] ? CONFIG[:authorization][:cookie_secret] : nil
+cookie_secret = cookie_secret ? cookie_secret : "ui6vaiNi-change_me"
+use Rack::Session::Cookie, :expire_after => 28800,
+ :secret => cookie_secret
+
RDF = OwlNamespace.new 'http://www.w3.org/1999/02/22-rdf-syntax-ns#'
OWL = OwlNamespace.new 'http://www.w3.org/2002/07/owl#'
DC = OwlNamespace.new 'http://purl.org/dc/elements/1.1/'
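Review bot: The fallback on the second added line signs every session with the literal `"ui6vaiNi-change_me"` whenever `CONFIG[:authorization][:cookie_secret]` is unset. That string is published in the repository, so on such a deployment the cookie signature no longer protects `session[:subjectid]` or `session[:username]` against client-side tampering. Fail at startup instead, e.g. `raise "CONFIG[:authorization][:cookie_secret] must be set" unless cookie_secret`, or, if sessions need not survive a restart, generate one with `SecureRandom.hex(32)` (needs `require 'securerandom'`). The `CONFIG[:authorization] ?` guard is redundant, since the lines just above already index into `CONFIG[:authorization]`. Because the cookie now carries the authentication token, consider also passing `:secure => true` where the service is only reachable over HTTPS.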
diff --git a/lib/helper.rb b/lib/helper.rb
index 33774b4..da77945 100644
--- a/lib/helper.rb
+++ b/lib/helper.rb
@@ -1,4 +1,34 @@
helpers do
+
+ def login(username, password)
+ logout
+ session[:subjectid] = OpenTox::Authorization.authenticate(username, password)
+ #LOGGER.debug "ToxCreate login user #{username} with subjectid: " + session[:subjectid].to_s
+ if session[:subjectid] != nil
+ session[:username] = username
+ return session[:subjectid]
+ else
+ session[:username] = ""
+ return nil
+ end
+ end
+
+ def logout
+ if session[:subjectid] != nil
+ session[:subjectid] = nil
+ session[:username] = ""
+ return true
+ end
+ return false
+ end
+
+ def logged_in()
+ return true if !AA_SERVER
+ if session[:subjectid] != nil
+ return OpenTox::Authorization.is_token_valid(session[:subjectid])
+ end
+ return false
+ end
# Authentification
def protected!(subjectid)
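Review bot: `logout` only blanks `session[:subjectid]` and `session[:username]`, but with `Rack::Session::Cookie` the session lives in the client's cookie. A copy of the cookie saved before sign-out therefore still carries a token that `logged_in` accepts for as long as `is_token_valid` returns true. If the authorization service can invalidate a token, `logout` should call that before clearing the session; whether `OpenTox::Authorization` offers such a call is not visible in this hunk. The commented-out `LOGGER.debug` line in `login` would write the subjectid to the log if it were re-enabled, so drop it or log only the username. The `helpers do` block continues outside the hunk.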
@@ -56,7 +86,6 @@ helpers do
subjectid = session[:subjectid] if session[:subjectid]
subjectid = params[:subjectid] if params[:subjectid] and !subjectid
subjectid = request.env['HTTP_SUBJECTID'] if request.env['HTTP_SUBJECTID'] and !subjectid
- subjectid = request.cookies["subjectid"] unless subjectid
# see http://rack.rubyforge.org/doc/SPEC.html
subjectid = CGI.unescape(subjectid) if subjectid.include?("%23")
@subjectid = subjectid
diff --git a/lib/to-html.rb b/lib/to-html.rb
index 2979062..519688f 100644
--- a/lib/to-html.rb
+++ b/lib/to-html.rb
@@ -111,7 +111,7 @@ module OpenTox
end
get '/sign_out/?' do
- response.set_cookie("subjectid",{:value=>nil})
+ logout
content_type "text/html"
content = "Sucessfully signed out from "+$url_provider.url_for("",:full)
OpenTox.text_to_html(content)
@@ -123,9 +123,8 @@ get '/sign_in/?' do
end
post '/sign_in/?' do
- subjectid = OpenTox::Authorization.authenticate(params[:user], params[:password])
+ subjectid = login(params[:user], params[:password])
if (subjectid)
- response.set_cookie("subjectid",{:value=>subjectid})
content_type "text/html"
content = "Sucessfully signed in as '"+params[:user]+"' to "+$url_provider.url_for("",:full)
OpenTox.text_to_html(content,subjectid)